Hi folks,

I'm generating spurious DNS requests from a variety of (closed) ephemeral ports. By the time I identify the port with tcpdump or snort or ethereal the request has been made, answered and the port closed. So I'd like to trace the connection back to its source program/process. The necessary info isn't present in a pcap dump.

So what else is there? Any alternative approaches? Any suggestions welcome.

b.